December 7, 2006 - 18:58 EST
ADAM is a good store for users in .NET, but some things tend to take long time to figure out. One of these are password managment. This post will explain a method for setting a user's password from code (for resetting a password, changing a password etc.).
December 7, 2006 - 08:52 EST
Sensitive or confidential information should appear in the log, but unfortunately both frameworks, data sources and custom code tend to do this.
November 27, 2006 - 09:03 EST
I found an interesting article at blogs.securityteam.com. This article explains how virtual keyboard solutions can be circumvented in phishing attempts. Read more here: Defeating Image-Based Virtual Keyboards and Phishing Banks
November 1, 2006 - 08:57 EST
Michael Sutton wrote an interesting blog post:Top 10 Signs You Have an Insecure Web App
. It's interesting to see how a lot of these mistakes are actually found by google, making it really easy for potential attackers.[...]
October 24, 2006 - 14:27 EDT
Ruby on rails (RoR) is rapidly gaining popularity as a platform for developing web applications. However most tutorials teach you to write highly unsecure code that will allow attackers to exploit your applications. This is especially true for XSS (Cross Site Scripting).
October 5, 2006 - 11:04 EDT
The author of this report
uses Google to find sites with SQL injection vulnerabilities. The results are that 11,3% of the assessed sites are open for SQL-injection. SQL injection is still one of the most common web application vulnerabilities.
August 24, 2006 - 09:37 EDT
The clever people at Stanford University has developed a browser plugin to avoid or limit the effect of certain phishing attacks.
August 20, 2006 - 16:53 EDT
Many web sites have SQL-injection and XSS (Cross Site Scripting) vulnerabilities, and security articles often mention lack of input validation as the reason for these problems. This isn't necessarily correct.
August 16, 2006 - 09:01 EDT
There has been a lot of writing on the web lately about Ajax being a major security concern for web applications. But are these concerns really justified? I just read a great article about this on "A Port80 Software Blog": Fear, Uncertainty and Doubt in Web 2.0
July 6, 2006 - 10:38 EDT